[Task]: Front-end license checking

[sumiat]

Summary

The proposed front-end license checking tool needs to be configured. It's unclear if the license verification is robust enough to meet our needs regarding automation.

We have identified using license-checker library in the Front-end tooling ADR.

This should be integrated by including in the package.json file as npm run license-check so that it is consistent with the other front-end checks.

I ran this locally, and didn't note any licenses that are not copy left. I'm not sure how to determine the correct licenses.

Front-end license list

├─ MIT: 1198
├─ ISC: 77
├─ CC0-1.0: 49
├─ Apache-2.0: 38
├─ BSD-2-Clause: 35
├─ BSD-3-Clause: 31
├─ (MIT OR CC0-1.0): 6
├─ MIT*: 3
├─ MPL-2.0: 3
├─ Unlicense: 3
├─ BlueOak-1.0.0: 2
├─ 0BSD: 2
├─ Apache-2.0 AND MIT: 1
├─ Python-2.0: 1
├─ CC-BY-4.0: 1
├─ (MIT OR WTFPL): 1
├─ UNLICENSED: 1
├─ (MIT AND Zlib): 1
├─ (BSD-2-Clause OR MIT OR Apache-2.0): 1
├─ (MIT AND BSD-3-Clause): 1
├─ CC-BY-3.0: 1
└─ (MIT OR GPL-3.0): 1

Tasks

• Add license file for the /frontend, so it is not flagged as UNLICENSED (see list above)
• Determine correct licenses or list. I think we could just start with the existing licenses above.
• Add a white list file to the root of the repo that contains the list of spx licenses identified in the step above, so the backend could use as well for [Task]: Back-end license checking #238 (whitelist_license.txt) or the like
• Add a license-check command to package.json that includes the whitelist_license.txt file in the --onlyAll param, ie $(cat licenses_whitelist.txt | paste -sd\;) or similar
• Add npm run license-check to the front-end Github Action

Acceptance criteria

• Check that the solution is robust enough to automatically verify licensing checks
• If a different tool is chosen, update ADR [ADR]: Front-end Code Quality Tools #102
• Configure Github Actions to run automatically

[acouch]

Closing as this is a duplicate of #292